Warning: Web browsers need to be updated in wake of flaw

A critical vulnerability in Adboe Flash was released yesterday. While some browsers will update automatically, others will need to be updated by IT to avoid attacks that could steal users log-in credentials.

The flaw has actually been known in some circles for a while. Security researcher Michele Spagnuolo alerted Google and Adobe to the flaw in Flash, which can be exploited to send sensitive information to hackers.

According to Spagnuolo’s blog post on the attack, which he dubs Rosetta Flash, “ by uploading a carefully crafted SWF, an attacker can make the victim perform requests that have side effects and exfiltrate sensitive data to an external, attacker-controlled, domain.”

Some browsers update automatically, others won’t

If you’re on Google Chrome or Microsoft Internet Explorer 10 or 11, you’re covered. Since those browsers package Flash into them, Google and Microsoft automatically patch flawed versions for users.

Top Trending Resources

About IT Manager Daily

IT Manager Daily, part of the Catalyst Media Network, provides the latest IT and business technology news for IT professionals in the trenches of small-to-medium-sized businesses. Rather than simply regurgitating the day’s headlines, IT Manager Daily delivers actionable insights, helping IT execs understand what technology trends mean to their business.